rogue_one 0.1.0 → 0.1.1

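--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 6f56c7358aca2eaaacd1e5d93d88793cd60dbc7cfa2b4b1d21e3a4a2ba68b44b
- data.tar.gz: a0b87b0b0084a95a4285b2781c657beb5a88f191ff392dcc35fc1f25a6e62955
+ metadata.gz: 86c74a7df8a4bcd245b6f298b96a70b249e173dcb75b0813beb14b128739e11e
+ data.tar.gz: 8e164de064b6f087d2574ae02fa1ed7ad885da285531c00f2d488ce1f41a08b8
  SHA512:
- metadata.gz: c22cf1c4878be88a3fa3098f7132334a1c998b4dbcc91aff77595b78932708d1b15c2c1735cea742689c19099ce49fe2e0ceddedf0e2e8baeb9f850bcd43b5e2
- data.tar.gz: f71648b22084e42702e681930ffa5b7f0da42c00b444634eca93a4b347dfb201dea9f008becc85b6105ec2c47a9c6cfa8ccbed43792587e64ba07a9bcdbe7898
+ metadata.gz: c12b466c5fc8b96ab64bd77c2ed8309fbc6497c5d8c831d31e2b850b592446f5eefe68eb5011cf216dc9703bfafde2ff1a2f1c202943dde86b802db47beb1ffc
+ data.tar.gz: b805443996b4a28c1e6108fcaa1e45f1ea085db24db2428ae9c0a723f1c9017c61508e6d29151e6ae83186242c170546b5f914b6079aa6ee661b483527d8c9d4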
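--- a/data/README.md
+++ b/data/README.md
@@ -19,23 +19,32 @@ Commands:
 
  $ rogue_one report 1.1.1.1
  {
- "verdict": "rogue one",
+ "verdict": "benign one",
  "landing_pages": [
 
  ]
  }
 
- $ rogue_one reprot 1.53.252.215
+ $ rogue_one report 1.53.252.215
  {
  "verdict": "rogue one",
  "landing_pages": [
- "1.171.170.228",
  "1.171.168.19",
+ "1.171.170.228",
  "61.230.102.66"
  ]
  }
  ```
 
+ | Key | Desc. |
+ |---------------|--------------------------------------------------|
+ | verdict | A detection result (`rogue one` or `benign one`) |
+ | landing_pages | An array of IP of landing pages |
+
+ ## Notes
+
+ - This is just a PoC tool. I cannot guarantee the results with high confidence at the moment.
+
  ## License
 
  The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).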
@@ -11,7 +11,6 @@ module RogueOne
11
11
  def initialize(target:)
12
12
  @target = target
13
13
  @memo = Hash.new(0)
14
- @mismatched_domains = []
15
14
  end
16
15
 
17
16
  def report
@@ -30,12 +29,10 @@ module RogueOne
30
29
  end
31
30
 
32
31
  def rogue_one?
33
- @mismatched_domains.length > 50
32
+ !landing_pages.empty?
34
33
  end
35
34
 
36
35
  def landing_pages
37
- return [] unless rogue_one?
38
-
39
36
  @memo.map do |ip, count|
40
37
  count > 10 ? ip : nil
41
38
  end.compact
@@ -47,7 +44,6 @@ module RogueOne
47
44
  target_result = target_resolver.dig(domain, "A")
48
45
 
49
46
  if normal_result != target_result
50
- @mismatched_domains << domain
51
47
  @memo[target_result] += 1 if target_result
52
48
  end
53
49
  end
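Review bot: In `landing_pages` (second hunk) the verdict now rests entirely on the literal `count > 10`, because `rogue_one?` became `!landing_pages.empty?` and the `@mismatched_domains.length > 50` gate is gone; the threshold is unnamed, undocumented, and an absolute count that does not scale with how many domains are queried (the domain list is outside these hunks). A resolver that answers many names with one address for a benign reason, such as a filtering or captive-portal resolver, would presumably now be reported as `rogue one` as soon as more than ten mismatched lookups share an IP, so the README's low-confidence caveat deserves a matching comment in the code. Name the value and state the reasoning, e.g. `LANDING_PAGE_THRESHOLD = 10 # min. mismatched domains resolving to the same IP before it is reported` and `count > LANDING_PAGE_THRESHOLD ? ip : nil`. The body of `report` lies outside the hunk; if it calls both `rogue_one?` and `landing_pages`, the map over `@memo` runs twice per report, which a `@landing_pages ||=` memo would avoid.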
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module RogueOne
4
- VERSION = "0.1.0"
4
+ VERSION = "0.1.1"
5
5
  end
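--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: rogue_one
  version: !ruby/object:Gem::Version
- version: 0.1.0
+ version: 0.1.1
  platform: ruby
  authors:
  - Manabu Niseki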